Email addresses and passwords belonging to more than seven millions users of the Minecraft site Lifeboat are reportedly being hawked around sites that trade in stolen data.
The Lifeboat network is a multiplayer community running servers that allow players of the smartphone version of Minecraft to play different versions of the game.
The information is understood to have been weakly scrambled while on the servers and hacked in January, although the breach only came to light recently.
Computer security expert Troy Hunt claims to have received a copy of the email list from someone who trades in stolen data and it is alleged the email addresses are circulating on dark net websites.
Mr Hunt claims Lifeboat was aware of the incident for three months before the breach was made public but chose not to tell Minecraft users.
The data was said to have been scrambled using an MD5 hash, but Mr Hunt claims some of the passwords used were so weak he was able to discover them by posting the hash into Google.
In a statement given to Motherboard, Lifeboat alleged it had limited any potential damage by covertly compelling users to reset their passwords.
“When this happened (in) early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act,” a spokesman told the site.
“We have not received any reports of anyone being damaged by this.”
Minecraft has been downloaded more than 100 million times since it launched online in 2009.
Its creator Markus Persson recently complained that the wealth the game brought him had left him lonely and lacking in motivation.